Exemplo n.º 1
0
static void scsi_sanitise(const struct ioctl_group *grp, int childno)
{
    pick_random_ioctl(grp, childno);

    switch (shm->a2[childno]) {
    case SG_IO:
        scsi_sg_io_sanitise(childno);
        break;
    default:
        break;
    }
}
Exemplo n.º 2
0
static void autofs_sanitise(const struct ioctl_group *grp, struct syscallrecord *rec)
{
	struct autofs_dev_ioctl *arg;

	pick_random_ioctl(grp, rec);

	rec->a3 = (unsigned long) get_address();

	switch (rec->a2) {
	case AUTOFS_DEV_IOCTL_VERSION:
	case AUTOFS_DEV_IOCTL_PROTOVER:
	case AUTOFS_DEV_IOCTL_PROTOSUBVER:
	case AUTOFS_DEV_IOCTL_OPENMOUNT:
	case AUTOFS_DEV_IOCTL_CLOSEMOUNT:
	case AUTOFS_DEV_IOCTL_READY:
	case AUTOFS_DEV_IOCTL_FAIL:
	case AUTOFS_DEV_IOCTL_SETPIPEFD:
	case AUTOFS_DEV_IOCTL_CATATONIC:
	case AUTOFS_DEV_IOCTL_TIMEOUT:
	case AUTOFS_DEV_IOCTL_REQUESTER:
	case AUTOFS_DEV_IOCTL_EXPIRE:
	case AUTOFS_DEV_IOCTL_ASKUMOUNT:
	case AUTOFS_DEV_IOCTL_ISMOUNTPOINT:
		arg = (struct autofs_dev_ioctl *) rec->a3;
		init_autofs_dev_ioctl(arg);
		arg->ioctlfd = get_random_fd();
		arg->fail.token = rand();
		arg->fail.status = rand();
		if (RAND_BOOL()) {
			arg->size += 5;
			arg->path[0] = '/';
			arg->path[1] = rand();
			arg->path[2] = rand();
			arg->path[3] = rand();
			arg->path[4] = 0;
		} else {
			int i;

			arg->size += rand();
			for (i=0; i < 10; ++i)
				arg->path[i] = rand();
		}
		break;
	default:
		break;
	}
}
Exemplo n.º 3
0
static void autofs_sanitise(const struct ioctl_group *grp, int childno)
{
    int i;
    struct autofs_dev_ioctl *arg;

    pick_random_ioctl(grp, childno);

    shm->a3[childno] = (unsigned long) page_rand;

    switch (shm->a2[childno]) {
    case AUTOFS_DEV_IOCTL_VERSION:
    case AUTOFS_DEV_IOCTL_PROTOVER:
    case AUTOFS_DEV_IOCTL_PROTOSUBVER:
    case AUTOFS_DEV_IOCTL_OPENMOUNT:
    case AUTOFS_DEV_IOCTL_CLOSEMOUNT:
    case AUTOFS_DEV_IOCTL_READY:
    case AUTOFS_DEV_IOCTL_FAIL:
    case AUTOFS_DEV_IOCTL_SETPIPEFD:
    case AUTOFS_DEV_IOCTL_CATATONIC:
    case AUTOFS_DEV_IOCTL_TIMEOUT:
    case AUTOFS_DEV_IOCTL_REQUESTER:
    case AUTOFS_DEV_IOCTL_EXPIRE:
    case AUTOFS_DEV_IOCTL_ASKUMOUNT:
    case AUTOFS_DEV_IOCTL_ISMOUNTPOINT:
        arg = (struct autofs_dev_ioctl *)shm->a3[childno];
        init_autofs_dev_ioctl(arg);
        arg->ioctlfd = get_random_fd();
        arg->fail.token = rand();
        arg->fail.status = rand();
        if (rand_bool()) {
            arg->size += 5;
            arg->path[0] = '/';
            arg->path[1] = rand();
            arg->path[2] = rand();
            arg->path[3] = rand();
            arg->path[4] = 0;
        } else {
            arg->size += rand();
            for (i=0; i < 10; ++i)
                arg->path[i] = rand();
        }
        break;
    default:
        break;
    }
}
Exemplo n.º 4
0
static void dm_sanitise(const struct ioctl_group *grp, struct syscallrecord *rec)
{
	struct dm_ioctl *dm;

	pick_random_ioctl(grp, rec);

	rec->a3 = (unsigned long) get_writable_address(sizeof(struct dm_ioctl));
	dm = (struct dm_ioctl *) rec->a3;

	/* set a sensible version to get past the initial checks */
	dm->version[0] = DM_VERSION_MAJOR;
	dm->version[1] = DM_VERSION_MINOR;
	dm->version[2] = DM_VERSION_PATCHLEVEL;

	/* clear one of these strings to pass some kernel validation */
	if (RAND_BOOL())
		dm->name[0] = 0;
	else
		dm->uuid[0] = 0;
}
Exemplo n.º 5
0
Arquivo: dm.c Projeto: rantala/trinity
static void dm_sanitise(const struct ioctl_group *grp, int childno)
{
	struct dm_ioctl *dm;

	pick_random_ioctl(grp, childno);

	shm->a3[childno] = (unsigned long) page_rand;
	dm = (struct dm_ioctl *)shm->a3[childno];

	/* set a sensible version to get past the initial checks */
	dm->version[0] = DM_VERSION_MAJOR;
	dm->version[1] = DM_VERSION_MINOR;
	dm->version[2] = DM_VERSION_PATCHLEVEL;

	/* clear one of these strings to pass some kernel validation */
	if (rand() % 2 == 0)
		dm->name[0] = 0;
	else
		dm->uuid[0] = 0;
}
Exemplo n.º 6
0
static void input_sanitise(const struct ioctl_group *grp, int childno)
{
	unsigned int u, r;

	pick_random_ioctl(grp, childno);

	switch (shm->syscall[childno].a2) {
	case EVIOCGNAME(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGNAME(u);
		break;
	case EVIOCGPHYS(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGPHYS(u);
		break;
	case EVIOCGUNIQ(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGUNIQ(u);
		break;
#ifdef EVIOCGPROP
	case EVIOCGPROP(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGPROP(u);
		break;
#endif
#ifdef EVIOCGMTSLOTS
	case EVIOCGMTSLOTS(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGMTSLOTS(u);
		break;
#endif
	case EVIOCGKEY(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGKEY(u);
		break;
	case EVIOCGLED(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGLED(u);
		break;
	case EVIOCGSND(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGSND(u);
		break;
	case EVIOCGSW(0):
		u = rand();
		shm->syscall[childno].a2 = EVIOCGSW(u);
		break;
	case EVIOCGBIT(0,0):
		u = rand();
		r = rand();
		if (u % 10) u %= EV_CNT;
		if (r % 10) r /= 4;
		shm->syscall[childno].a2 = EVIOCGBIT(u, r);
		break;
	case EVIOCGABS(0):
		u = rand();
		if (u % 10) u %= ABS_CNT;
		shm->syscall[childno].a2 = EVIOCGABS(u);
		break;
	case EVIOCSABS(0):
		u = rand();
		if (u % 10) u %= ABS_CNT;
		shm->syscall[childno].a2 = EVIOCSABS(u);
		break;
	default:
		break;
	}
}